14
• Get a list of all merchant IDs and identify depts – who the IDs
belong to and how they’re processing card payments
• Visit and interview the people actually processing card payments
to confirm that assumptions are correct, and identify other issues
that were not uncovered
- How are they taking card payments? Are they storing CC data?
• Make business decisions about changes
- Work with QSA/vendors/business units to develop solutions that
are PCI compliant and meet business needs of the health system
• Make the changes, sell to management, prove compliance
Bon Secours PCI Journey - Solution